Using HCP Waypoint as your Internal Developer Platform (IDP)

[Music] hey I'm super excited today to be talking about hcp Waypoint and how it can act as an internal developer platform you've probably seen me talk about internal developer platforms before or maybe you saw the original launch of Waypoint a few years ago but I want to talk today about how Waypoint has evolved to really act as an internal developer platform what is that even mean what is an internal developer platform and you know where does it sit in terms of solving some of the challenges of doing Cloud delivery at

scale so with that I want to jump right in so when we talk about Waypoint I think it's important to first put it in the context of what is an internal developer platform and what's the goal what are we trying to solve for right so at a high level the way I like to think about it is what's the interface between our developers and their concern which is really more around application delivery application life cycle and our operators or our platform teams who are

responsible for the underpinning infrastructure that our applications run on top of right so we can think about it as these two groups obviously have to work closely together the applications run on top of that infrastructure there's naturally an interface between them but often times it's kind of blurry it's kind of messy it usually lives within sort of a a cicd pipeline where it's not really clear where the developer concern ends and the operator concern begins and so I think one of the key goals of an internal developer platform is to cleanly separate that it's to really position as a layer that

sits between the developer concern and the operator concern so that we can draw a hard line and say the developer is really a customer of this layer the IDP layer and everything below that is really the operator's concern in terms of defining how the actual platform operates right now the platform shouldn't own everything not everything gets kind of subsumed by this often times developers want to still own the pre-production pipeline that goes from you know Version Control through their sort of C my

pipeline you know and then from there might Connect into something like the IDP so you might say great I'm using GitHub or gitlab or something for my developers they're doing their Dev test in sort of a classic way but then when a touch is saying okay well now I'm ready to deploy this app into a production environment that tends to be the key touch point right and I think the real challenge when you start to touch production is there's an explosion of tools right that might be where it's like now I have to learn kubernetes and a yaml specification I have to configure my Argo I have to use terraform to you

know spin up and manage infrastructure I have to set up my data dog dashboards and pager Duty alarms and so on and so forth so you start to see this explosion the moment you sort of leave Dev test land and the goal of the IDP is to sort of abstract that away right as a developer they don't really need to know what's happening in sort of the messy underneath where it's like it might be running with a whole bunch of different you know components that we need to deliver our applications but all of these are sort of a detail from our application perspective right

so when we start to say okay well this is at a very high level the way I would think about an internal developer platform it's about the interface between developers and operators it's about an abstraction layer that hides the infrastructure and allows the developers to focus on their business logic most of the time it is not meant to be a replacement for what you're doing with your version control or cicd that sort of sits to the left of it in sort of Dev test land so now what is the sort of highle Concepts that start to matter right and so particularly if we think about this in the context of

Waypoint there's a few key important Concepts that we talk about right the first is this notion of like do I have a service catalog or an application catalog of what are all my different applications that are running right meaning I can come to this thing and Define a new catalog right so I might say within my organization you know I can define a series of projects and then within those projects I can define a series of applications right application you know one to you know application n

right and just for the sake of it we might say this is app Fu For example right so first of all do I just have a catalog where I can just say what are my applications I do I have Fubar and baz is there 10 of them 50 of them a thousand applications like what are they right so that's becomes the first level thing it's like just providing that highle service catalog right so I might start by describing it this way now that on its own is not particularly interesting there's probably a million ways you could solve that just have a spreadsheet I think it starts to get interesting

where you say okay but how do I connect that catalog into the operational rhythm of how these applications are actually built deployed and manag through their full life cycle right so if I come in and say great I want to create a new application Fu and fu is a new Java application well I don't want every one of my Java applications to be a special snowflake that's defined differently built differently managed differently ideally what I'd like to do is Define a set of golden patterns right where those golden patterns might

Define something like let's say a Java app such that all of the new versions of that follow the same pattern if I create a new application bar and it's also a Java app it should look functionally identical to Fu because this gives me a consistency of management now for my operations teams so I don't have to manage every one of these applications in a unique way right so great we want to have this concept of a golden pattern how does that literally work with something like Waypoint the way it works is we integrate tightly with terraform

Cloud So within terraform Cloud we're going to go ahead and Define a set of modules so with terraform you can obviously write terraform configurations but you can also write terraform modules which are reusable libraries of capability right so within my registry I can Define and say great I'm going to define a pattern that's a Java application right so this is often written and managed by my operations teams they're going to Define and say great we have the Java pattern here's

how it works underneath the hood maybe it's a kubernetes cluster and we have you know a load balancer in front of it and there's a scaling mechanism and we've tying into some default metrics that we want to monitor we create a data dog dashboard for it so we can wrap up all of these different things that we're concerned about right we use terraform to Define it run it on kubernetes pre-wired into Data dog and pagro Duty with some sensible thresholds and alarms and dashboards but our developer doesn't need to know anything about that they can just come and say great I'd like to consume this pattern right and say it's a Java application

and then this template gets linked to this pattern right so when we Define the set of patterns we basically can create a linkage between these that are defined within terraform modules and then in Waypoint what we want to expose we're going to call this a template so the Java template will be linked to the terraform module in this case right and so now we can come in instantiate Fu and underneath the hood what Waypoint is doing is it's going to create a new terraform workspace for us and it's going to prevent based on that

linked module definition and then this application gets linked to it so we can say great this might be workspace one and then we maintain that linkage that says yeah application FU by the way is linked to workspace one which is instantiation of that Java template and this can then be customized we might be able to say for example you know maybe I parameterize this and say is it a small medium or large application and maybe what region it's in things like that and so when we Define application Fu we can also Define and say well this is an

instance of a small cluster and that will flow all the way down to the terraform execution where then we can take that variable and based on that small medium large Define the infrastructure appropriately right so that's great this gives us at least a baseline if I can create a catalog I can say I want to create application fuar and bads they're all Java apps and I can Define them in a consistent way based on an infrastructur isk code pattern manage with terraform now often times it's not not just enough to say well it's just a Java app well okay great doesn't that

Java app need a database maybe it needs an S3 blob store maybe it needs a CFA Q to do message passing there's usually a bunch of other pieces that surround an application rarely is it just the application on its own so building on the same notion of a golden pattern you can tempti these add-ons is how we think about them right so if my core app is the Java app why I have an add-on for CFA and I might have an add-on for you know and I might have an add-on for let's say red this

right so all of these once again get defined as terraform modules right so we can Define them in a repeatable way it's as code we can modularize them to say okay are they all small medium large as their inputs you know do how many different you know topics do I need for CFA things like that and so now when I Define it it's not just the template I can say great not only do I need the Java template I also need the redus addon you know this is an addon to basically the core template plus I want C plus I want mango

right and so now if the developer specifies that they again don't need to know how this works what Waypoint will do is instantiate the additional workspaces linked with the right variables to basically import and create all of the sub pieces of infrastructure that are needed and similarly all that gets linked to the application so I can say great I have workspace one sorry that's Java workspace 2 great that gives me my redus you know so on and so forth right so now I can have a the sort of

visibility if I click into food to say what are all the resources associated with this application I can trace that through to great I know what are the sub terraform workspaces and then what are the other you know underlying resources that are being spun up in support of this application right so I get the service catalog which is really more about providing me that consistent metadata I know about what are all the applications what are all the sort of workspaces and resources associated with it but I also get these golden patterns which let my developers come in quickly provision these things without having to

be expert and the Ops teams gets to have a standard set of templates for how they're building and maintaining these things so they don't have to have you know a million unique snowflakes now over time inevitably there's a life cycle management to this as well it's not just great I created the Java app day one and Reda and CFA day two over time I say well there's a new version of java right so now I publish a V2 module because there's an update to the jdk or there's a security vulnerability or whatever I want to then be able to go patch all instances of the application

that are using this Java template so this is where a waypoint really starts to help is great we have applications running at scale there's 50 apps using the same Java template can I now have a consistent way that I'm going and patching and upgrading all of those things right same thing could apply to my say there's a new version of database that comes out I need to go do the same thing so it's not just the day one problem it's that day two day three how am I patching scaling maintaining you know upgrading to new versions Etc right so this core becomes sort of golden patterns it's a mix of

both templates and add-ons now in a reality most applications you're not just deploying the app and then you're done there's usually a set of actions associated with it right sometimes these get baked into pipelines often times they're ad hoc you know even you know commonly you might see developers have to ssh in and manually execute commands in a production environment to do different things but some with the actions for example just to make it more concrete right so if I talk about Golden patterns and golden actions

or sometimes you might call them golden workflows right so it might be the workflow and there's specific actions that we'll Define so for a Java app for example you might say I have you know three common ones I build the application as an example great I have code that's sitting in my you know Version Control pipeline it's passed all the tests but now there's a formal build I need to compile the artifact build a container push it into artifactory version it you know maybe replicate it to multiple uh you know data centers around the world Etc so the build is a discrete action then I might say okay great I've built

it now I want to deploy great so I might build that says hey version 5 artifact was built now I want to go and deploy and say deploy version 5 that might go well and great we look at our data dog dashboard and everything's looking good but it might also go badly we might deploy it and all of a sudden we see hey every request is generating a 500 air you know we've pushed a bad build we got to go do something about it so you might have a different action that's a roll back for example right so these might be opinionated actions right that we want to Define as

part of the pattern to say great the Java pattern supports a build deploy and roll back action right and again these might use a whole mix of different tools right the build might be you know Java native tooling and maybe it's Docker tooling to build a container and we're pushing it into artifactory deploy might be we're using Argo or we're using you know terraform or we're using something else you know roll back might be again using those tools but in reverse and so the key becomes from a developer standpoint they shouldn't have to see you know how the sausage is made becomes

a detail they should be able to log into Waypoint push the build button not really have to care how it works while the Ops teams platform teams they should be able to control how these actions work and these actions aren't just meant for sort of core templates you might say similarly for redus I might want an action that's you know Purge my cash you if I'm using Reedus as a caching mechanism right maybe for cafka I similarly might want to purge a topic right if I have it as a runbook you know action you know maybe my

application's backed up it's not processing transactions correctly or something's corrupt about the queue how do I quickly go in and just Purge everything in that topic right same thing with maybe I want to come in and I need to do something like you know rebuild an index or something or I need to force releasing certain locks right so there might be various sort of database operations I want to take that are sort of part of a runbook of operating that service something's not going wrong performance isn't the way we think it is we need to trigger some action I don't necessarily want my developer to SSH into production

and run this command you know directly against the database where God knows what other commands they might be running or maybe they're not familiar and they run the wrong command so those kind of things how do I capture those run books in an opinionated Way Package them and attach them to the pattern and then they get exposed as an opinionated action that the user can you know Express because great the fu app happens to import redus which means they have access to the purge cach action basically right so then when we sort of take a look at this what we're really trying to do is a few things we're

solving for a few different constraints one is for our developers you can see that the key focus when we talk about Golden patterns and golden workflows is I want to enable them to go quickly without having to be experts on how the system works right the details of how the system operates isn't their concern it's about well what's the life cycle goal I have I want to build my new you know Fu application I want to extend it by you know great next I want to add you know elastic to it you know so so I want to add elastic cuz it's a new capability

I'm building in the app that needs search okay great I don't want to have to care how do I provision an elastic cluster and configure it correctly not really what I care about I just want to say that's an additional add-on I need and my Ops Team can Define what's the template for bringing up and spinning and managing an elastic cluster so that's the value up here for the Ops groups it's really about how do I do this in a consistent way at scale right I don't want to have to manage Java and CFA and elastic in a

unique way times 50 100 500 applications I want people to be able to quickly come and say great reuse this template and now when I need to do a new version of Java for the SDK I can do it once and apply that update to 100 applications rather than have to go chase a 100 different apps and force them to upgrade right because it's been inconsistent ultimately when you think about this at scale it's really about managing you know cost of operations and operational efficiency and it's about managing risk right and risk comes in a few different buckets it could be security risk because you have patch vulnerabilities

could be operational risk because things aren't well configured or you're deploying with n equals 1 and you know there's no ha story at play things like that so ultimately if I can consider the risk and cost components into the design of my golden patterns and actions and to apply it consistently that's the benefit for my op steam I don't have to think about it a 100 different ways I think about it one way and then I apply to all of the users of it right so that really becomes the goal so really Waypoint sits as sort of providing the sort of an internal developer platform capability

right really focused on Golden pattern golden action at the heart of it and really doing this by having tight integration with things like terraform cloud in terms of how we're defining these patterns as code and then automating the execution of it right so ultimately that's kind of the goal you know and it all starts you know really at the heart of that becomes the sort of service catalog concept where you're creating the app as really the sort of primary object if you will right the the sort of Foo application here is what we're modeling the infrastructure really is in service of that application right

and that's really more of how the application teams think about it versus how infrastructure tends to think about it which sort of infrastructure up rather than sort of application down so hopefully this was helpful and gives a little bit of an overview of some of the features and capabilities of Waypoint I hope you found this useful [Music]